OpenSSL: Difference between revisions
Jump to navigation
Jump to search
(Created page with "== Manipulation == <syntaxhighlight lang="bash"> # generate a new private key and certificate signing request openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \ -keyou...") |
|||
(11 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Manipulation == | == Manipulation == | ||
=== Generate === | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# generate a new private key and certificate signing request | # generate a new private key and certificate signing request | ||
openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \ | openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \ | ||
-keyout chorke.key | -keyout chorke.key | ||
#generate certificate using csr & key | |||
openssl x509 -req -in chorke.csr -signkey chorke.key \ | |||
-out chorke.crt | |||
#generate a self-signed certificate | #generate a self-signed certificate | ||
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \ | openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \ | ||
-keyout | -keyout chorke.key -out chorke.crt | ||
</syntaxhighlight> | |||
=== Check/Verify === | |||
<syntaxhighlight lang="bash"> | |||
# check a certificate signing request(csr) | |||
openssl req -text -noout -verify -in chorke.csr | |||
# check a private key | |||
openssl rsa -check -in chorke.key | |||
# check a certificate | |||
openssl x509 -text -noout -in chorke.crt | |||
# check a pkcs#12 file (.pfx or .p12) | |||
# openssl pkcs12 -info -in chorke.p12 | |||
openssl pkcs12 -info -nokeys -passin \ | |||
pass:password -in chorke.pfx | |||
</syntaxhighlight> | |||
=== Debug === | |||
<syntaxhighlight lang="bash"> | |||
# check an MD5 hash of the public key | |||
openssl x509 -noout -modulus -in chorke.crt | openssl md5 | |||
openssl rsa -noout -modulus -in chorke.key | openssl md5 | |||
openssl req -noout -modulus -in chorke.csr | openssl md5 | |||
# check an ssl connection. all the certs including Intermediates | |||
openssl s_client -connect api.chorke.org:5443/soap/services | |||
</syntaxhighlight> | |||
=== Conversion === | |||
<syntaxhighlight lang="bash"> | |||
openssl x509 -inform der -in chorke.cer -out chorke.pem | |||
openssl x509 -outform der -in chorke.pem -out chorke.der | |||
# openssl pkcs12 -nodes -in chorke.pfx -out chorke.pem | |||
# above pattern not working password might be required | |||
openssl pkcs12 -nodes -passin pass:password \ | |||
-in chorke.pfx -out chorke.pem | |||
# convert private key to pkcs#12 file (.pfx or .p12) | |||
openssl pkcs12 -export -out chorke.pfx -inkey chorke.key \ | |||
-in chorke.crt -certfile rootca.crt | |||
</syntaxhighlight> | </syntaxhighlight> | ||
== References == | == References == | ||
{| | |||
| valign="top" | | |||
* [https://stackoverflow.com/questions/49124091 Create csr, key, crt and import crt, rootca, subca into jks] | |||
* [https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html Create and Install an Apache Self Signed Certificate] | |||
* [https://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/ Convert a *.pfx or *.p12 to a seperate *.key or *.crt] | |||
* [https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html import a public SSL certificate into a JVM] | |||
* [https://docs.oracle.com/cd/E19509-01/820-3503/ggezy/index.html Configuring Java CAPS for SSL Support] | |||
* [https://stackoverflow.com/questions/6482484 How to use .key and .crt file in java?] | |||
* [https://www.sslshopper.com/article-most-common-openssl-commands.html Common Most OpenSSL Commands] | * [https://www.sslshopper.com/article-most-common-openssl-commands.html Common Most OpenSSL Commands] | ||
* [https:// | * [https://stackoverflow.com/questions/7064087 How to convert .csr to .cer?] | ||
* [https://www. | * [[Bastion SSH Tunneling]] | ||
* [https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs OpenSSL Essentials] | |||
| valign="top" | | |||
* [[SSH Port Forwarding]] | |||
| valign="top" | | |||
|} |
Latest revision as of 01:47, 29 October 2024
Manipulation
Generate
# generate a new private key and certificate signing request
openssl req -out chorke.csr -new -newkey rsa:2048 -nodes \
-keyout chorke.key
#generate certificate using csr & key
openssl x509 -req -in chorke.csr -signkey chorke.key \
-out chorke.crt
#generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
-keyout chorke.key -out chorke.crt
Check/Verify
# check a certificate signing request(csr)
openssl req -text -noout -verify -in chorke.csr
# check a private key
openssl rsa -check -in chorke.key
# check a certificate
openssl x509 -text -noout -in chorke.crt
# check a pkcs#12 file (.pfx or .p12)
# openssl pkcs12 -info -in chorke.p12
openssl pkcs12 -info -nokeys -passin \
pass:password -in chorke.pfx
Debug
# check an MD5 hash of the public key
openssl x509 -noout -modulus -in chorke.crt | openssl md5
openssl rsa -noout -modulus -in chorke.key | openssl md5
openssl req -noout -modulus -in chorke.csr | openssl md5
# check an ssl connection. all the certs including Intermediates
openssl s_client -connect api.chorke.org:5443/soap/services
Conversion
openssl x509 -inform der -in chorke.cer -out chorke.pem
openssl x509 -outform der -in chorke.pem -out chorke.der
# openssl pkcs12 -nodes -in chorke.pfx -out chorke.pem
# above pattern not working password might be required
openssl pkcs12 -nodes -passin pass:password \
-in chorke.pfx -out chorke.pem
# convert private key to pkcs#12 file (.pfx or .p12)
openssl pkcs12 -export -out chorke.pfx -inkey chorke.key \
-in chorke.crt -certfile rootca.crt